A

What I worry about here is like Citadel securities to me is not the voice to be saying we care about consumer protection.

B

I really think as an industry, we need to take those issues really seriously because the SEC is never going to allow capital markets to come on chain unless we can prove that they're fair and transparent.

C

One of the things that I still have PTSD over is 2022 where a major contributing factor. I was at a DEFI protocol at that time and, and I was so furious because there was so much demonization of DEFI in the press narrative during the crypto crash. And we were all like, it's not defi that screwed this up, guys. It's actually cefi masquerading as DeFi.

A

Wait for this next creepy part, because it got worse. So then they were like, okay, let's point the agents at brand new contracts that were just put out into the ecosystem with no known issues. Within a short period of time, the agents found two zero day exploits. Zero days, essentially. Just like the builders have had zero days to fix any vulnerabilities following release. And they executed exploits and they made money that cost more than what the agents cost.

C

Hi all and welcome to Dex in the City where the wallets are cold and the takes are hot. First we have Jesse Web3 prosecutor turned Web3 protector at ribbit Capital.

A

Hi everyone.

C

And v, from the SEC to Web3, what's up? And I'm your host, Katherine or KK, fluent in TradFi and conversant in deep tech over at starkware. And VY and I are reporting live from our hotel rooms at the Blockchain Association Summit in Washington dc. So we've been into some good stuff. But before we get started, here's a word from our sponsors that make this show possible.

D

Are you a builder who needs to add on chain trading to your product? The Uniswap Trading API from Uniswap Labs offers plug and play access to some of the deepest liquidity in crypto. It's on chain execution at an enterprise level. More liquidity, less complexity. Visit hub.uniswap.org to learn more.

C

Before we get going, remember, we're lawyers, but we're not your lawyers. Nothing you hear on Decks in the City is legal or financial advice and it doesn't create an attorney client relationship. For the fine print, check unchained crypto.com. so we have a jam packed episode today because as usual, there has been so much going on in crypto. Mostly good, but some bad. And speaking of bad, the industry was Rocked the other day with a very strongly worded lengthy article from Citadel Securities. So, V, jump in and tell us more about this letter and why they sent a letter and all the things. Sure.

B

So first off, like, excuse the bed in the background. I tried to make it as I could. I'm not very good at it.

C

So I also made my bed. This is how much you care about.

B

Yeah, I usually don't do that in hotel rooms. Okay, so let's talk about Citadel. So this week Citadel securities, our favorite little market maker and the king of payment for order flow, submitted a comment letter to the SEC on tokenized equities and so called defi trading protocols. And this letter is fascinating because I think it tells you like exactly how a major incumbent thinks about this next potential chapter of market structure. Right. So here's the gist of their position. So Citadel says they support the idea.

C

Sorry to interrupt before we get there because I got this question and I know the answer, but I want you to explain it. Why would Citadel send a letter to the sec? Like, what is the point? Can I just send a letter to the sec? Like give us more info on just the background of where this came from. Yeah, so.

B

So I mean the general answer is yes, anyone could, can submit like a letter, a comment, a question to the sec. Usually this takes place in the context of a formal rulemaking. Right. Where the agency, the SEC actually invites comment letters from the public. I think what probably prompted this particular letter is Chair Atkins has been talking a lot recently about something called the defi innovation exemption. And I think that has made a lot of. So I think it's made crypto very excited about the possibilities there. But I think it has made some of the incumbents and Tradfi very nervous because he has not yet said what it's going to look like and how it's going to impact like the current market and market structure.

C

Right.

B

So I think that is probably what prompted this letter. So in the letter they do say they support the idea of tokenization and you know, they acknowledge all the things that we know. Right. The efficiency gains, faster settlement, investor choice, all the usual stuff that we talk about. But they draw a very bright line. Right. So in their view, if you're going to trade tokenized US equities, even on blockchain rails, you still have to play by the exact same regulatory rules that govern national securities exchanges and broker dealers today. In other words, they don't want any shortcuts, no exemptions, and like no free passes for defi and the Letter essentially asks the SEC to do three things, right? So the first thing is they ask the SEC to identify and classify the intermediaries behind tokenized equity trading, including all of the actors like inside and involved in the DEFI protocols. The second thing the letter does is refuses any broad exemptions or it asks the SEC to refuse any broad exemptions from the definitions of exchange or broker dealer. Right? And if you guys remember the last few years under J.R. gensler, this was a huge point of contention between the SEC and the industry. And then the third thing that the letter asks for is they say, you know, if the SEC does want to modernize the rules, they have to do it through a full notice and comment rulemaking. So the thing that I mentioned earlier, not a one off exemption like the defi innovation exemption, whatever that ends up being that Chair Atkins keeps touting, right? So I think on its face some of this seems reasonable, right? Like I think the, the crypto industry oftentimes we have very knee jerk reactions to things like this. But I would just like encourage everyone to kind of take a deep breath and like take some of these things seriously, right? Like, because I think there is some reasonable stuff in here. Asking for regulatory clarity, that's a hot take.

C

That's how I know.

B

But it should, but it shouldn't be, right? Like asking for regulatory clarity through a proper rulemaking process is literally what the crypto industry was asking Gensler for for four years. And there's nothing unreasonable about that, right? So I think that's totally fair. I want that too. You know, wanting transparency, fair access, market surveillance, custody standards, all this sort of stuff. You know, I spent almost six years at the sec, right. Like there are very real investor protection issues involved. And honestly, like, I think many serious crypto builders agree that we need stronger just like assurances around resiliency and risk management of tokenized assets. I mean this is something that like all three of us have written about and talked about at length if we want to attract issuers and investors to actually participate in these on chain capital markets. And by the way, there are a lot of folks in crypto doing just that, right? They're engaging in good faith, we with the SEC to figure out what on chain capital markets would actually look like. So I want to give a shout out to Superstate and Solana Policy Institute and many others that are actually doing this. So I think the other interesting point is the idea that rules should be technology neutral, right? You hear this all the time. What does it actually mean? I think the Point that Citadel makes about rules being tech neutral is also not unreasonable. Right. Because that could mean that just because a matching engine is run by code instead of a centralized intermediary doesn't mean that it should just magically escape regulation if the function it's performing is the same. Right. So especially if it's something that is kind of centralized, like a lot of L2 sequencers today. Sequencers today are central, pretty Centralized.

C

Leave the L2s alone.

B

I know, I know, but it's true, right?

C

So, like, not necessarily some of them are. Right.

B

Like, do you. I mean, do you want to. Do you want to expand on that?

C

Well, I think. Look, like it's definitely. Things get complicated when you start talking about tokenized securities. Like, I think we all kind of laughed when I think it was Hester Purse who felt the need to come out and write a piece that basically said, hey, guys, remember, tokenized securities are still securities. Like, there's a spectrum of crypto where it's gray, but there's also black and white. So tokenized security brings a lot more black and white or a need for black and white into the conversation. Jesse, I want to hear your thoughts, but really quick. I wanted to explain some context here that I think is creating some angst over this issue. First, for those listeners who are not as familiar with the trad markets, Citadel is a leading global massive hedge fund, an asset manager that invests institutional money, founded by Ken Griffin. It's extraordinarily powerful. I cannot underscore that enough on the policy front also, because, frankly, Ken himself has donated heavily to political candidates and super PACs. Citadel Securities.

A

Crypto.

C

Yeah, including crypto publication year. That's confusing. Citadel securities, as V mentioned, is a massive electronic market maker, you know, providing liquidity for investors. They are both owned by Ken. You know, they're distinct but related financial firms. But the very confusing thing about all of this is that Citadel securities has heavily invested in crypto. Like, not through a traditional venture arm, but a lot of strategic investments in major exchanges like Kraken and Infra and all kinds of things across the spectrum. So a lot of people were saying, well, why did they send this letter? Why are they shooting themselves in the foot? My take is that this is effectively a mechanism to kind of, you know, it's a long short on where things are going to end up. And then there's also a theory that this is a preview to an intent to sue the SEC on this basis, and this is a roadmap for their lawsuit. So that's an interesting path that we might see. And things might get really a lot uglier than this letter. But, Jesse, go ahead because I know you have thoughts on risk alone.

A

Yeah, I think it's so interesting because this is probably the only topic so far on the show where I'm probably in between the two of you because I agree that, like, the rules that they're emphasizing as important are really, like, very important and we all really believe in them. What I have a problem with here is like, they are the ultimate intermediary. And of course they want to maintain a system that's based on intermediaries. Like, it would just destroy their moat if DeFi was able to operate without any intermediaries. Right. So, like, they want tokenization to exist. They see the benefits of it, but only if it's done by them or in the way that works for them. So in many ways, this is like the least surprising filing I've ever seen or letter to the sec. But the problem that I have with the letter is not necessarily like the nuance that V is able to read into it, but rather that it's sort of forcing the FCC to choose and creating like a black and white situation here. And I think it's misclassifying what industry is asking for. Because as we discussed and as V you mentioned, like, there is this innovation exemption idea that's out there, but nobody knows what it's going to be. And it's probably, I could bet on it is not going to be a full blanket exception without any requirements.

B

It's like I'm here's like a whole new on chain capital markets, like overnight.

A

Like, I know inceptive authority works. Like it needs to be conditional and narrow. We need to get a real sense of what's required here. So to me, like Citadel is saying, look, sec, you have to decide between regulation and no regulation. No regulation's bad for all these reasons. And these are all intermediaries for all the same reasons. But really, like, which is not accurate.

C

Which is not accurate. I think their letter definitely goes to forward. Right.

B

They sweep in everything.

A

Right? Like everything.

B

Validators, everything. Yeah.

A

And I think if this letter was submitted to the SEC a year ago, I would be more worried about its impact because we haven't hadn't spent this entire year educating about what all these different roles in DEFI could be and why it's important right now. I think it does speak exactly to what you were saying, KK which is like, we know litigation's coming. Rulemaking is definitely something that probably should come about. But like, we don't really know what's going to happen until we have more details on this exemption.

C

Well, the other thing that I think this letter is really important to remind everyone in crypto, and I feel like I'm a broken record on this. But crypto is a bubble. We're all hanging out with each other all the time, talking with each other all the time. Now it's a problem. It's a problem from an advocacy perspective. One of the things that I like about my ability to advocate for crypto is I have a crypto skeptic tradfi husband and I use him all the time to pressure check my assumptions to effectively bring me back into kind of the trad perspective. So I want to remind everyone in crypto that this letter is not outrageous to a lot of traditional financial services. So that might be troubling to crypto. And I'm certainly not saying citadel's right with the concepts in these letters. I'm saying they're wrong on a lot. But it is a refresher and a reminder that how we think and view these issues is not how a lot of very powerful people and entities think and view these issues. So we still have work to do to educate and to advocate, for example, on behalf of validators, on behalf of L2S, on behalf of all of these various market participants. That should not be regulated. We need to explain why and we need to justify it. And we need to speak in a way that trad markets can understand.

B

And do you know what, what else we have to do? Like, I. I know I sound like a broken record. I feel like I've written like 50 op eds on this. But one thing I keep really pushing is when the industry talks about on chain capital markets, we focus so much on on performance, right? Like speed, efficiency and cost. And I think not enough on investor protection and market integrity.

C

Right.

B

Like I've mentioned to you guys, the duty of best execution before. So that's just one example.

A

Right.

B

It's a rule that exists in today's securities markets to ensure that brokers fill customers orders fairly. That's a really important policy goal. Like issuers and investors are not going to participate in capital markets where orders aren't treated fairly. Right? So how are we going to achieve that on chain? What do we do about something like conflicted order routing, which basically exists everywhere in crypto trading today in the form of MEV and other forces? There are a lot of projects taking this seriously. Right. Flashbots has developed a lot of mechanisms to help solve this problem on the Ethereum blockchain. And companies like Jito and Temporal or Harmonic have put out tools to address this. But I really think as an industry, we need to take those issues really seriously because the SEC is never going to allow capital markets to come on chain unless we can prove that they're fair and transparent, nor should they. And so that is. It's like something that I just, I want the industry to start thinking really seriously about that.

A

Like v. That is 100% on point. What I worry about here is like, Citadel securities to me is not the voice to be saying we care about consumer protection and give us a the best everything. And so it's very easy for Defi to dismiss the arguments like full stop in this letter when what you're saying is actually really true, that they're making good points. They're just doing it a way that like, misclassifies DeFi.

B

And yeah, there's a lot of inaccuracies in there.

A

Like regulators were the enemy for a long time and now trap. It's not just here, it's a genius act, et cetera, like, are becoming the enemy. And so honestly, like, when crypto has an enemy, like, we. Our bubble gets more entrenched and it's like you're against us or.

B

Yeah, speaking of bubbles, KK I totally agree that, like, it's actually a great reality check to have a non crypto like husband because literally every other week I ask my husband if I sound like I'm in a cult and he's like, yeah, kind of.

C

Or a friend or a mom.

B

Yeah.

C

You know, like, come on. Or a dog. It's always good to have these people around us that help live and breathe like Bitcoin. Come on, guys. We can't convert everyone as much as we're trying to do. So. Okay. It's a. It's a longer, longer path. I think.

A

That's.

C

That's right. And the other thing is, look, I think I have an immediate negative visceral reaction when I see people trying to deal with these issues using a sledgehammer as opposed to a scalpel, in the words of Commissioner Purse in her privacy piece. And we have spent so many years with the sledgehammer regulatory approach, and what is likely the best route forward for crypto is a scalpel. Now, it's a lot harder to do that, as we've seen with legislation. But Citadel Sledgehammer letter was. Was absurd. Again, not absurd to the trad markets, but absurd in how they were sweeping everyone into Something that didn't make sense from a very technical perspective.

B

Yeah, yeah, agreed.

C

Okay, so we have another meaty topic that we're going to move to in a minute, but before we do so, another word from our sponsors.

D

Hey founders and developers, if you're looking to bring on chain trading to your product, wallet or platform, check out the new Uniswap Trading API from Uniswap Labs. It's your plug and play gateway to global on chain liquidity. No deep crypto experience required and no need to manage complex integrations or ongoing maintenance. With the Uniswap Trading API, you'll get enterprise grade on chain execution, combining both on chain and off chain sources for the most competitive prices. Simply put, more liquidity, less complexity. And this isn't just any API. It connects directly to the Uniswap protocol, which has securely processed over $3.3 trillion in total volume with zero hacks. So stop worrying about liquidity infrastructure and focus on building your product. Get access to the same liquidity that powers billions in swaps through one powerful API. Visit hub.uniswap.org to learn more.

C

So two absolutely massive news items from the CFTC this week. Speaking of good news, positive news after talking about Citadel, the first was that Acting Chair Caroline Pham, who has just been on a tear of progress, announced that listed spot crypto products can change on CFTC registered futures exchanges. So as a refresher those are called designated contract markets or dcm. I want to provide a little bit more background there because I am formerly the chief legal officer of a DCM and a crypto spot market. So derivatives or futures are traded on dcms. So meaning that up until now spot crypto trading in the US has not happened on dcms. It's mainly happened on kind of crypto native platforms that aren't regulated by the CFTC or sec. They're subject to this horrible patchwork of state licensing like state money, transmitter licenses, New York bit licenses, et cetera. Some of the spot trading also happens on kind of tradfi platforms like Robinhood. And there's other licenses that can be involved, but the CFTC's primary authority is over the derivatives markets. It's not over spot crypto markets. But the big change, so and this is huge, is that Chair Fam came forward and was basically like DCMS can lost can list spot crypto for trading. This was previewed months ago so the industry actually had chance to comment. But now it's official. Official and we have already seen bit Gnomial launching The first ever leverage spot crypto exchange. So I want to get thoughts from my other hosts, but a very nerdy point here. Margin trades in spot crypto are actually already considered by the CFTC to be retail leveraged commodity transactions. Which means that under like those specific transactions under the Commodity Exchange act are a carve out. Like there's a carve out in the Commodities Exchange act that designates what the CFTC has jurisdiction over that says that certain retail commodity transactions can be treated by the law as if they were futures contracts. So these transactions were already kind of like a secret exception to the whole no spot trading on dcms, but no one was really using this. Now it's a question mark as to where that, like is that where the jurisdiction comes from? So I'll stop talking. But the TLDR of all of this, like from an educational perspective is there has never been like clear guidance from the CFTC that futures exchanges can listen spot crypto as leveraged retail commodity transactions until now. And the real utility is that all of these DCMs can now offer retail access to long and short crypto, like with leverage. And it could also hopefully for centralized exchanges or for dcms, make it a lot easier for those exchanges to offer these products and to navigate all of this without dealing with the state by state patchwork if they rely on federal preemption. So huge advantage there. Everybody's going to want a dcm. So I know that V had some questions.

A

I did.

B

I love asking you all my CFTC questions. So my, my question was like, like a competition one. Almost like all of that is super interesting. But like when I saw this my first thought was oh, like, was just one company like granted like permission to do this and it seemed to come out of nowhere. And so like that made me think about like, I don't know if you guys remember, but when like the SEC was basically forced by the D.C. circuit Court to approve spot Bitcoin ETFs, like they, they did it in a very particular way which is they approved all 11 applications at the same time. So like the first 11 applications they, they approved them as a group and I think they did that because they didn't want to give like any one market participant a leg up or an unfair like advantage or a head start. So like that was kind of my first thought when I saw the bit no meal news. So like do you, can you shed any light on that?

C

It's a, it's a great question. So bit nomial is actually unique. I'm, I'm a fan of bitnomial. They hold a DCM license. They also hold a derivatives clearing organization, a DCO license which is for clearing. And they are also a futures commission merchant and fcm. So that is nearly a full suite of CFTC licenses. And it's what, what's called a vertically integrated structure. So there's actually four pieces of a derivative market. The exchange, the dcm, the clearinghouse, the dco, the broker or the futures commission merchant, the FCM and then the matching engine like the technology. So bit nomial structure is a one stop shop so traders don't have to involve traditional brokers. And bit nomial kind of controls all the different multiple layers as opposed to relying on a bunch of different third parties. That explains in my mind why they were kind of first to do.

B

Because they already had all of the license like the registrations they needed.

C

Exactly. And look, you don't need all those licenses to be a DCM and to list spot crypto. You, you don't. But what it does is it bit nomial structure, it decreases dependencies. And they already offered futures perps. They're actually the 1 DCM in America to call their perpetual like product a perp. And they were the first to list perps. A lot of people forget about that and options. And now this week they launched the first ever leveraged retail spot crypto exchange. So again my take is that they had this good like ready to go with this guidance. Like with what, you know, fam's guidance. There is Nothing preventing other DCMs from moving forward and doing what nomial is doing. The other interesting point I'll make is there aren't that many DCMs. Like there really are not. It's a very small group of crypto DCMs. There's a lot of companies looking into getting a DCM. It's quite a process, it's quite an undertaking. But I would not compare it to registering with the SEC because I, you know, it, it has historically been more realistic to get a DCM than to register as a securities exchange. And there are crypto dcms, whereas as.

B

We, there's, there's like, there's also only like 5 like registered securities exchanges.

C

Yeah, exactly. Like there aren't that many of them. Yeah, well there's, there's, I think there's more than that.

B

Maybe 10.

C

But yeah, yeah, yeah, it's a small number. It's, it's, it's hard to get these licenses. So I'm the other. It's, it's A notable macro point, like, we're not tomorrow gonna see like a huge flood of DCMs. It's a process. And the entities that are already well positioned with crypto futures, if I were them, I would obviously be thinking really strategically about how, like, what direction do we want to take this guidance on.

A

A regulator strategy point? I also think it's sort of interesting because the CFTC sec, like, whether it's totally true or not, like, the crypto industry has always been like, which one do we want? Should we pit one against the other? Which one's better, which one has more power, which is going to enforce less? And, you know, recently there's been all this news and, you know, evidence as well of them working together to try and push the industry forward, as well as some other initiatives. But, you know, what's been going on lately at the cftc, it really is sort of showing me that they're trying to push forward and show themselves capable of regulating this space. And I feel like it's sort of a race to regulate a little bit in interesting, innovative ways between the CFTC and sec. And like, if you layer that competitive aspect of it over the market structure bill and the drafting of it, it sort of, to me seems like they're all sort of trying to show legislators, like, this is how this agency can do it. And the CFTC is taking a strong position here of like, look, we as regulators are doing something really special. We're allowing new things that are going to work and be safe while we keep close tabs on it.

B

Yeah, it's kind of like the CFTC's Project Crypto. And it's like, I think I said this on a prior episode, like, if you don't show that you can do a good job, you're going to get fired. And so, like, that's what they're trying to avoid. Right.

C

But it's good.

B

I think it's like a race to the top in a lot of ways to show.

C

I love that point on the prior episode where if this SEC hadn't, like, fumbled the ball during the Gensler administration, the SEC might have just effectively moved into the crypto. Yeah, the primary regulator. So, like, that's a. That's a sad missed opportunity. But, yeah, look, like chair Fam is making a lot of progress a lot of, like, very quickly. And the sense is that she really wants to get a lot of a lot done before she moves forward. Now we finally, very realistically have the prospect of a CFTC chair. You know, Mike Selig, like, it Looks like smooth sailing. Sailing Fortnum. I am a big fan of future Chair Selig. He's whip smart. You know, he actually really knows and understands crypto. I was very disappointed when there was that kerfuffle over the Brian Quinten's nomination. That was ugly. We don't need to get into that on the pod. But I think Chair Selig will be great. And, you know, it's good that that Chair Fam, or acting Chair Fam is. Is really getting shit done before she's heading out the door.

A

I'm feeling very hopeful today, but I also think, like, the work that's being done. I don't want to say it's just the cftc, but since that's what we're talking about right now by regulators. To show, like, this can work in a regulated space is actually great for the industry because this is a narrative of crypto's unregulated. It's full of criminals. And that narrative can fall apart when you see actively regulated institutions doing this in a way that makes finance better.

C

Yeah, and we know that. I want to be clear. Like, none of us necessarily think regulation good, unregulated, like, no regulation bad. But what we're talking about here is crypto finance. Like crypto trading, if it's not decentralized. Hey, guys, like, if it's a centralized entity facilitating crypto spot trading, it should be regulated. I actually don't think that's a hot take. And one of the things that I still have PTSD over is 2022, where a major contributing factor. I was at a defi protocol at that time, and I was so furious because there was so much demonization of defi in the press narrative during the crypto crash. And we were all like, it's not defi that screwed this up, guys. It's actually cefi masquerading as defi. And yeah, Celsius probably should have been regulated, like, clearly. So, okay, rant over.

A

But that I'm still continued that ran for many episodes.

B

I was wondering if you were going to name the.

A

I think we all learned that pain in different overlapping ways.

C

I got, like, a lot of gray hair over that time period, as did everyone. It was at this time. And occasionally I am like, have we Learned nothing from 2022?

A

I actually think this episode is more positive. And maybe it's because, like, we have a common enemy again, which is Drag by Citadel. Right. But I do think that, like, over the past week, if we judge how crypto's doing and the tenor based on crypto, Twitter, it seems like we're all sort of unified again. So that's good. Look at that.

C

I'm sure that will last, you know, a few months maybe, but.

A

A few months, but, like.

C

Okay, Jesse. And you know, one of the other things I have to add. On another positive note, another huge, huge news broke from the CFTC from Acting Chair fam. She also announced a pilot program for tokenized collateral in the derivatives market. So we just talked about derivatives. We just talked about dcms. I love this. Like, this was inevitable. This was a long time coming. I remember during the very, very dark days before the sun came out in the crypto regulatory environment, there was this massive tokenization summit in February of 2024 where it was basically all of the US regulators, global regulators, talking about tokenization, and they talked a lot about tokenized collateral in the derivatives market. And to be specific, this covers eth, Bitcoin, and uscc. And the reason they talked about it is because I've always thought this is just a fantastic use case for crypto because it's very easily understandable. It's very easy to see the utility. And I'm talking atomic settlement, more transparency, automation, increased capital efficiency, cost savings. Several other big moves forward. Like it's innovation in the derivatives market. You know, I remember. I'm old enough to remember when moving to T + one settlement, like, you know, faster settlement than before was huge. Now we're. We're shrinking that gap more. So in some ways, this feels abrupt to certain people, but I think if you were really focused or if you were kind of plugged into the trad markets, as I was before I joined crypto, I was with a big, you know, with sibo, CBO Digital, the dcm. And you could understand why people were excited about that or more conceptually open to this than a lot of other facets of crypto. So that's another huge piece of positive news from the cftc. I love it.

B

Nice. Thanks for the roundup.

C

Yeah. Okay, so everybody's probably sick of hearing me talk, and we've spent way too much time talking about Tradfi on this podcast. So we're gonna. We're gonna wrap up with our third topic that's actually super cool, and I'm gonna hand it over to our AI czar, Jesse, to give us an overview.

A

It's cool. It's actually, like, a little scary. But essentially what came out last week is that Anthropic did a study showing that AI is changing how we should think about Security on chain, which is a topic that we've covered before, but I think it's a topic that we need to continue to cover because it's only getting harder. Essentially the security paradigm has changed because agents aren't just assisting hackers anymore, but rather they can be the hacker. They're creating and running an entire exploit from end to end, the same way that a sophisticated human actor would, but they're doing it faster, cheaper and with endless stamina because they don't have to sleep, they can work all the time. And so I think we need to be a little bit concerned and really understand what happened here and what this study says. So I'm going to break it down a little bit. So essentially Anthropic created a blockchain simulator and they put AI agents into it, asking them to do something really simple, which is just look at the real smart contracts that have already been exploited in the wild and see if they can independently do it again. So essentially look at all these smart contracts, find the hacks and see if you can recreate them.

C

Wait and Jesse, for our listeners who aren't familiar with Anthropic, tell us a little bit about what it is, because candidly, I didn't know Anthropic until I dug into this.

A

Got it. If you've ever used Claude, that is from Anthropic. So it's essentially, it's way more complicated than this, but essentially it's a competitor to OpenAI. So some people use ChatGPT, some people use cloud, I use both. So no, I'm not here to like, say one or the other, but, but it's, you know, it's, it's one that's very focused on security and safety and it frequently takes the opposite position of other large AI shops about like the dangers associated with AI. And they, if you really want to understand security and AI, like just go to Anthropic's website and they have like amazing primers to help you understand how you should be worried about it. So they're really testing the products that they're putting out there into the world, and that includes testing how it could hack different scenarios. They actually chose smart contracts because they could then quantify how much money could be stolen by how much effort they put in and how much money goes in. And that's why smart contracts were targeted here. It wasn't like anti crypto or anything like that. Like, it was a test that they did and I think it was a test that actually can really help the crypto industry understand the problem here, so essentially just to get back to exactly what they found was the AI agents acting autonomously were able to recreate exploits that already happened. Okay, so that's number one. And they were able to do it over and over again, creating hundreds of millions of dollars of losses. Obviously, this was in a simulator. And okay, so we've seen these hacks before. Is it really that big of a deal? But then they made them test this on smart contracts that they weren't trained on. So how training works for LLMs is essentially to build an LLM, you put all this information in there to make it a foundational set of learnings, and that's called pre training. And then you release it, essentially. So remember when you used to use ChatGPT and sometimes it would say like, this does not. This is not included in our pre training information or our knowledge stops here. So if you really, if you Pre train until January 1st and then you release it, if you ask about something six months later, they might not know about it. Now that's gotten better with something called reinforcement learning and post training and, and web search. But essentially it's very important to know what an LLM has been pre trained on. But they were able to hack smart contracts that they knew nothing about beforehand. So essentially they're not hacking from memory, they're hacking from learning. So they're learning based on prior exploits and figuring out how to do new different exploits.

C

Okay, that's, that's so creepy, Jesse. I just have to stop, wait for.

A

This next creepy part, because it got worse. So then they were like, okay, let's point the agents at brand new contracts that were just put out into the ecosystem with no known issues. Like, they weren't any issues spotted. And within a short period of time, the agents found two zero day exploits. Zero days, essentially, just like the builders have had zero days to fix any vulnerabilities following release. And they executed exploits and they made money that cost more than what the agents cost. And why that's important is that the agents are sort of programmed to make money, right? So they know how to make enough money to offset any costs. And as you watch them learning and getting better, it was getting cheaper to do this for the agents. So each contract that they tested, smart contract for different vulnerabilities, cost about $1. Okay, so they could do 1,000 smart contracts for $1,000 like this. That's insane. So the big story to me is not like AI can hack smart contracts. Like, okay, we sort of knew that. What does that mean? There's hacks all the time. It's probably happening already. I think it's more that these agents can like, reason, iterate, use dev tooling and autonomously execute a full chain attack from start to finish in a faster and cheaper way than humans. So the security vector has shrunk. Like if you put a smart contract out there that controls funds, you have to know it's perfect because an attacker can now spend a dollar to surface every latent issue and continuously harvest and automate a hacking machine. And I think this is so important because one, it's really something that we need to think about and why we need to focus more on cybersecurity more than ever. But two, like, I am so excited about this idea of AI and crypto. The number of like podcasts about AI crypto intersection or blogs or whatever is just endless. Right? And we're still trying to figure out like, how does this all work together? But my question is like, and I'm excited about it too, don't get me wrong, as you can probably tell.

C

But I'm just, I love the passion.

A

Yeah, I'm just not sure we're ready because what happens when agents are on chain day to day, like with 402 or with any other sort of trading mechanism? How do we deal with prompt injection? How do we deal with loss of control scenarios? Like, we're still trying to figure out how to deal with like the vulnerabilities and smart contracts that like DPRK can get at or humans can get at. And so the question now is like, how do we really respond? And it's the end in my mind of passive security. We need more active security measures.

C

I love this because I don't know if you guys know this about me, but I love post apocalyptic movies. It's like my thing, like my husband will be like, there's a new show where everyone has died and gone underground. I think he would love it. And like this is very aligned with that. Like first they come for our smart contracts, then they come to take over our homes. Okay. Anyway, but look, I think these issues are huge. We talk a lot about regulation conceptually. But I always think of in crypto there's three big bucket, buckets of risk. You know, one is like aml, kyc, criminal risk. One is regulatory, sec, cftc. The third is just security. And a good company has a strategy to deal with all three of those risks that are, that is both proactive and reactive. And the security pro strong is often less legal and more, you know, the, the builders, the, you know, the technical people, the cto, the head of security. And I think your point is spot on, is we need to start looking down the pipeline and see what's coming for us on the security sphere to make sure we're prepared.

A

That was a pretty good way to end it. Much more positive than mine.

C

We'll get there. We are strong. Okay, so we have two more super quick things before we wrap up for this week. One, V has a really important shout out. So I'm going to toss it to V. Yeah.

B

So just really quickly, I wanted to draw attention to the Samurai Wallet case. So this is a case that's almost identical to the Tornado cash case. And what happened here was the prosecutors agreed to allow the two co founders to plead guilty to the least serious charge of operating an unlicensed money transmitter business, which carries a maximum of five years as opposed to taking the case to trial and taking their chances at trial on all three charges, which also involved money laundering and likely, to be honest, getting the max sentence of 25 years because the case had been reassigned to Judge Denise Cote of the scny, who, like, if people don't know, she's one of the harshest sentencers on the court. So Keone Rodriguez, one of the co founders, ended up getting the max five years for the one charge that he pled to, and he's set to report to prison on December 19. He has started a petition for a pardon. So I urge all of you who care about developer rights and just the human impact of this case to sign it. We'll link it in the show notes and I've also posted it on my X account.

C

So seriously important shout out. And we should talk more about this on a different episode because the three of us are very familiar with the process of plea deals and a lot of people don't really understand the pressure and the calculus that goes into pleading out. And unfortunately, to some degree these individuals were, you know, in, in the wrong time, at the wrong place, you know, or just there, I don't want to.

A

Call them matter, you know, how much your judge matters and how you negotiate and things like that. Like, it just makes such a difference and it can impact your life forever. Who, what you're going to get assigned to.

C

Yeah, yeah. Which, which is frustrating to say the least. So thank you for that. The important shout out. And of course, this is the second week of our weekly shout out of Crypto good news. So please send us your nominations, send us your ideas, valuable organizations, fun stories, interesting use cases we have a great one that Jesse's going to touch on today.

A

Yeah, thanks everyone for sending ideas in. And, you know, what V was just talking about is so important, so it's hard to follow it. But here's something else that just gives you a little bit more hope about crypto. So essentially there was a huge fire in Hong Kong. Probably many of y' all heard of it. Over 150 people have died so far. And it's like the biggest fire since post 1940s. And essentially it was burning for days in like, a certain apartment complex. And, you know, lots of stuff happens all over the world. It's easy to ignore it. News is so crazy right now. But, you know, a lot of crypto companies did not ignore this one. And they donated millions of dollars to help repair and help some of the victims or families of decedents. And it just sort of shows that, like, in all the crap and in all the news, like, there's a lot of good things and good people happening. And especially in this time in the world, I think it's really important for us to continue to highlight them.

C

16 million. Absolutely. We are global citizens because we are crypto companies. We are borderless, but it still means we take care of humans on this earth. So it's. That's a. That's a beautiful moment and a reflection. Good for those companies. Shout out to those companies for being good citizens. So next week we're going to have a special privacy episode that immediately follows my participation on the SEC's financial surveillance and Privacy Roundtable. Don't know how I finagled an invite to that, guys, but excited to talk all about.

B

It'll be great.

C

Starkware, the OGs of ZK tech and all that fun stuff. And we are going to have our first ever guest on Decks in the City.

B

Surprise test.

A

Surprise test.

C

So we will see you next week. Week. That is it for this week's episode of Jack from the City.